-LRB- CNN -RRB- -- Over the past week , two popular Internet messaging companies , SnapChat and Skype , were hacked . SnapChat 's 4.6 million users ' user names and cell phone numbers were posted online . A hacker group posted messages to Skype 's official blog and social media accounts .

These are just the latest in a long list of tech companies that fail to provide adequate protection of their users ' personal data .

Do companies that offer free services have an obligation to protect our communications ? Yes , absolutely .

SnapChat is an app for phones that allows people to send photos and short videos to friends and promises to delete them once viewed , Ã la Mission Impossible .

In August 2013 , a group of security researchers publicly reported weaknesses in SnapChat 's programming interfaces that could allow data exfiltration and manipulation . They withheld the specific details that would enable someone to easily exploit the flaws .

If you 're mad at your critics , you might ignore them and quietly fix the flaws . If you 're appreciative you might engage them in a dialogue , thank them and work out some time to fix things before telling the public about it .

But it seems the founders of SnapChat chose instead to stick their heads in the sand .

After four months without response , the security researchers grew impatient and decided to publicly disclose the details on Christmas Day , including code they had written that would allow almost anyone to abuse SnapChat 's service .

SnapChat then blogged that it knew about the flaws , but was satisfied with the changes it implemented and did n't expect the service to be exploited . The next day someone posted the user names and phone numbers of the 4.6 million SnapChat users that they had extracted using the security weaknesses .

While some can make excuses for SnapChat by saying the company is young , hence inexperienced , a breach is still a breach . Skype , a division of Microsoft , ca n't even say that .

Skype had the dubious distinction of being the first major Internet company to be compromised in 2014 . It is the latest victim of a group called the Syrian Electronic Army , which has targeted numerous media companies over the years , including The Financial Times , BBC , NPR , Associated Press and Reuters .

With more than 3 million followers on Twitter and 27 million `` likes '' on its Facebook page , you would expect the security of a company like Skype to be carefully managed . How did this so-called electronic army penetrate its defenses ? It must have been an extremely sophisticated hack , right ?

Unfortunately , the answer is no . The Syrian Electronic Army is famous for using phishing , a simple tool that persuades users to disclose their user names and passwords through cleverly worded e-mails .

The primary defense against phishing , aside from never clicking suspicious links or attachments in e-mails , is to use two-factor authentication . The first factor is something we know , typically a password . By adding a second factor -- something you have such as a phone or special keychain token -- attackers not only must acquire your password , but also gain access to a piece of randomly generated information sent to a physical device .

The social media accounts of Skype that were accessed by the Syrian Electronic Army had optional two-factor authentication available , but it was apparently not enabled by Skype . As a result , Skype 's blog featured a headline : `` Hacked by Syrian Electronic Army ... Stop Spying ! '' Similar messages were posted on its Twitter and Facebook pages .

Skype acknowledged in a tweet : `` You may have noticed our social media properties were targeted today . No user info was compromised . We 're sorry for the inconvenience . ''

But Snapchat 's response to the incident is shameful . The company attempted to justify its mistake and promised it will change the app to allow opting-out of one feature without any acknowledgment of the damage done to its users or even a commitment to fixing the list of problems identified by the researchers .

If this was 2012 , I might be a little more forgiving . Back then most services did n't offer protections like two-factor authentication or those protections were not flexible enough to work for social media accounts . But this is 2014 . All of these social media services offer protection free , designed to prevent this very type of attack .

Did n't Skype think the 27 million people who `` liked '' them on Facebook and the more than 3 million people who follow them on Twitter deserve to be protected from potentially malicious posts ?

Companies that ca n't seem to get enough of our personal information need to be held accountable . The least they can do is be responsible and keep our data safe . The safeguards exist and the tech fixes are not hard . So , what are they waiting for ?

For consumers , do n't become complacent to the barrage of announcements explaining how another 5 million records were stolen due to negligence . Demand accountability .

Follow CNN Opinion on Twitter .

Join the conversation on Facebook .

The opinions expressed in this commentary are solely those of Chester Wisniewski .

@highlight

SnapChat 's 4.6 million user names and cell phone numbers were posted online

@highlight

Chester Wisniewski : Safeguards exists and tech fixes are easy , so why the breach ?

@highlight

He says Skype , SnapChat have obligation to make sure their services are secure

@highlight

Wisniewski : We must demand accountability from companies to protect our private data